Then I searched for "unable to get TLS client DN, error=49 id=7", but it seems nowhere has a good solution to this yet.
Please help.
Thanks


Well, I tried to fix something to get it to work, but now I got this:
ldap:~# slapd -d 256 -f /etc/openldap/slapd.conf
@(#) $OpenLDAP: slapd 2.4.11 (Nov 26 2009 09:17:06) $
root@SD6-Casa:/tmp/buildd/openldap-2.4.11/debian/build/servers/slapd
could not stat config file "/etc/openldap/slapd.conf": No such file or directory (2)
slapd stopped.
connections_destroy: nothing to destroy.
What should I do now?

log :
ldap:~# /etc/init.d/slapd start

Starting OpenLDAP: slapd - failed.

The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h 'ldaps:///' -g openldap -u openldap -f /etc/ldap/slapd.conf


It looks like something is connecting, but not communicating the Distinguished Name properly. It could be a misconfigured client or another process entirely trying to talk to that port.
– kmarsh, Feb 5 '10 at 17:12

3 Answers
3

It might be a good idea to start with a working setup without SSL and then add bits and pieces one by one until something breaks, so that you can find the problem. If the problem is with GnuTLS not supporting TLSCipherSuite, then take it away. Do you really need it? Why do you insist on OpenSSL? GnuTLS has worked fine for me, including LDAPS connections on port 636; you don't need OpenSSL to do that.

Regarding this link:
http://wiki.debian.org/LDAP/OpenLDAPSetup
It says:
"Diagnosis:
If you try to install the OpenLDAP server (slapd) with Debian Lenny, it comes compiled against the GnuTLS library. It means you cannot use an OpenSSL style directive like TLSCipherSuite HIGH:MEDIUM:-SSLv2 in slapd.conf. "

I think it means that on Debian 5 (Lenny) one cannot use OpenSSL for secure connections.
Maybe that's why I never accomplished it... Do you guys think it is so?

GnuTLS and OpenSSL are SSL/TLS libraries. OpenLDAP can be compiled against either of them. GnuTLS just doesn't support all OpenSSL options. But SSL connections work just fine using GnuTLS; I use it.
– ptman, May 6 '10 at 7:21
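
A preflight check for the two failures in this thread, the config file slapd could not stat and an OpenSSL-style TLSCipherSuite on a GnuTLS-linked slapd, as an added example that is not part of the original posts. The function names, the keyword heuristic in `openssl_style` and the sample `ldd` line are assumptions constructed for illustration; it also assumes the TLS library shows up in the `ldd` output for the slapd binary.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for the two failures seen above.

# tls_backend: reads `ldd` output on stdin, prints gnutls, openssl or unknown.
tls_backend() {
    case "$(cat)" in
        *libgnutls*) echo gnutls ;;
        *libssl*)    echo openssl ;;
        *)           echo unknown ;;
    esac
}

# cipher_suite FILE: prints the first TLSCipherSuite value in a slapd.conf.
cipher_suite() {
    awk 'tolower($1) == "tlsciphersuite" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# openssl_style VALUE: heuristic (an assumption of this example): OpenSSL
# cipher lists are colon-separated keywords such as HIGH, MEDIUM or -SSLv2.
openssl_style() {
    printf '%s\n' "$1" | grep -Eq '(^|:)[-+!]?(HIGH|MEDIUM|LOW|ALL|SSLv2|SSLv3)(:|$)'
}

# preflight CONF LDD_OUTPUT: prints findings, returns 1 if a problem is found.
preflight() {
    if [ ! -r "$1" ]; then
        echo "config-missing: $1"
        return 1
    fi
    pf_backend=$(printf '%s\n' "$2" | tls_backend)
    pf_suite=$(cipher_suite "$1")
    echo "tls-backend: $pf_backend"
    if [ "$pf_backend" = gnutls ] && [ -n "$pf_suite" ] && openssl_style "$pf_suite"; then
        echo "openssl-style-ciphersuite: $pf_suite"
        return 1
    fi
    return 0
}

# demo: constructed sample input (a one-line config and one line of ldd output).
demo() {
    demo_dir=$(mktemp -d)
    printf 'TLSCipherSuite HIGH:MEDIUM:-SSLv2\n' > "$demo_dir/slapd.conf"
    preflight "$demo_dir/slapd.conf" 'libgnutls.so.26 => /usr/lib/libgnutls.so.26' || true
    preflight "$demo_dir/missing.conf" '' || true
    rm -rf "$demo_dir"
}
demo
# On a real host: preflight /etc/ldap/slapd.conf "$(ldd "$(command -v slapd)")"
```

Pass the same path the init script uses (`-f /etc/ldap/slapd.conf` in the output above) so the check sees the file slapd will actually load.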